CVE-2019-13504 (https://nvd.nist.gov/vuln/detail/CVE-2019-13504): There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.
Gentoo Security Padawan (domhnall)
0.27.2 release is planned for 2019-07-31
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5596fa323540961fec3729e052a75baa88c8954
commit a5596fa323540961fec3729e052a75baa88c8954
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-07-21 15:59:57 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-07-21 16:13:21 +0000
    media-gfx/exiv2: 0.27.2_rc3 version bump for testing
    This is the last RC before 0.27.2 release that is planned for 2019-07-31.
    Bug: https://bugs.gentoo.org/689642
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
 media-gfx/exiv2/Manifest | 1 +
 media-gfx/exiv2/exiv2-0.27.2_rc3.ebuild | 103 ++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0e96ba43734040a82ad7b8302da4bf147802ef9
commit d0e96ba43734040a82ad7b8302da4bf147802ef9
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-07-29 18:49:26 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-07-29 18:55:40 +0000
    media-gfx/exiv2: 0.27.2 version bump
    Bug: https://bugs.gentoo.org/689642
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
 media-gfx/exiv2/Manifest | 1 +
 media-gfx/exiv2/exiv2-0.27.2.ebuild | 101 ++++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)
Documentation changes only since rc3, arches please stabilise.
arm64 stable
ppc stable
ppc64 stable
amd64 stable
x86 stable
alpha stable
sparc stable
ia64 stable
arm stable
CVE-2019-13114 (https://github.com/Exiv2/exiv2/issues/793): http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
CVE-2018-20097 (https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html): There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
CVE-2020-18831 (https://github.com/Exiv2/exiv2/issues/828): Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.